<div id="header"><p>Login</p></div>
<div>
<?php

// If the login action was set...
if($_GET["action"] === "login")
{
	// Empty usernames or passwords are invalid, redirect with the invalid action specified
	if($_POST["username"] === "" || $_POST["pass"] === "") {
		header('Location: ?p=loginform&action=invalid');
		return;
	}
		
	// Grab username and password from form input
	$name = $_POST["username"];
	$pass =  $_POST["pass"];

	// The salt is simply a SHA-1 hash of the username
  $salt = sha1($name);
	// The encrypted password is the SHA-1 hash of the salt appended to the password
	$codedpass = sha1($pass.$salt);
	
	// We have to use the prepare function to call the validateLogin stored procedure
	// because simply inserting the variables into the string breaks hashed password's
  // format.  Instead, we use the bind_param call on our statment
	$stmt = $database->prepare("CALL validateLogin(?,?)");
	$stmt->bind_param('ss',$name,$codedpass);

	// Execute the created statement and put results into 'validate' variable
	$stmt->execute();
	$stmt->bind_result($validate);

	// If the procedure didn't return the username, then redirect here with the "invalid" parameter set
	if(!$stmt->fetch() || $validate != $name)	
	{
		$stmt->close();
		header('Location: ?p=loginform&action=invalid');
		return;			
	}

	$stmt->close();

	// Otherwise, we've successfully logged in, so store the username and loggedIn flag as session variables
	$_SESSION["username"] = $_POST["username"];
	$_SESSION["loggedIn"] = true;
	
	// If the remember me box was checked...
	if(isset($_POST['rememberMe']))
	{
		// Store the username in a cookie if it was set to "Yes"
		if($_POST['rememberMe'] == "Yes")
		{
			setcookie('storedUser',$_POST['username'],2147483647);
		}
	}
	else
	{
		// Delete the cookie if this user was originally remembered
		if($_POST['username'] == $_COOKIE['storedUser'])
		{
			setcookie('storedUser', "",time()-3600);
		}
	}

	// Unset the theme session var in case there was a cookie holding the theme
	// which the index.php page will retrieve automatically for us, so long as
	// there wasn't a session variable previously set for the theme
	unset($_SESSION["theme"]);

	// Redirect to the "Your Room" page and exit this script
	header('Location: ?p=recentdata');
	return;
}
else if($_GET["action"] === "invalid")
{
	// Occurs when the username or password was invalid or not correct combo
	echo "<p>Your username or password is invalid. Please try again.</p>";
}
else if($_GET["action"] === "logout")
{	
	// Occurs if the user wants to log out, we unset some session variables
	// and destroy the entire session. The user is then redirected to the home
	// page
  unset($_SESSION["username"]);
	unset($_SESSION["loggedIn"]);
	session_destroy();
	header('Location:?p=home');
	return;
}
else if ($_GET["action"] === "registered")
{
	// Occurs after a successfully registration
	echo "<p>You have succesfully registered! Please login.</p><br />";
}

//
// The following code produces the login form for the user
//
echo '<form name="input" action="?p=loginform&action=login" method="post">
			<fieldset>
			<legend>Login Form</legend>
			<label for="username">Username</label>';

// If remembered user, insert it as default value for username textfield
if(isset($_COOKIE['storedUser']))
{
	echo '<input size="25"  type="text" style="font-family:monospace" name="username" value="'.$_COOKIE['storedUser'].'" />';
}
else
{
	echo '<input size="25" style="font-family:monospace" type="text" name="username" />';
}

// Password textfield
echo '<br/><label for="pass">Password</label><input size="25" style="font-family:monospace" type="password" name="pass" /><br/>
			<br />';

// Offer registration link
echo '<br/>If you do not have a username or password please <a href = "?p=register">register.</a><br />';
echo '<br/>';
echo '<br/>';

// Check the Remember Me checkbox if there was a remembered username
if(isset($_COOKIE['storedUser']))
{
	echo '<input type="checkbox" name="rememberMe" value="Yes" checked="checked"/>Remember Me';
}
else
{
	echo '<input type="checkbox" name="rememberMe" value="Yes" />Remember Me';
}

// End login form
echo '<p class="submit"><input type="submit" value="Login" name="submit"></p>
			</fieldset>
			</form>';

?>
</div>


